Crypto platform hit by $600 million heist asks hacker to become its chief security advisor
The cryptocurrency platform targeted in a massive heist is now inviting the hacker behind it to become an advisor to the firm, and promising a $500,000 reward for the restoration of user funds.
Poly Network, a so-called decentralized finance or "DeFi" project, was hit with a major attack last week which saw the hacker, or hackers, make off with more than $600 million worth of tokens.
Poly Network lets users swap tokens from one digital ledger to another. Someone exploited a flaw in Poly Network's code which allowed them to transfer the assets to their own crypto wallets.
It is thought to be the largest crypto heist of all time, surpassing the $534.8 million in digital coins stolen from Japanese exchange Coincheck in a 2018 attack and the estimated $450 million worth of bitcoin that went missing from Tokyo-based exchange Mt. Gox in 2014.
In Poly Network's case, the hacker has taken the unusual step of returning most of the stolen money. All but $33 million of the crypto has now been returned.
https://www.cnbc.com/2021/08/17/poly-network-cryptocurrency-hack-latest.html
#PolyNetwork #cryptocurrency #hack
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
Kryptor FPGA - A one-chip hardware security module (HSM) and MAX10 FPGA dev board
We are extremely excited to finally bring our encryption solution, originally built for professional usage in diverse niche markets (such as the space and drone industries) to a wider audience, including IoT developers and maker communities. Our solution is entirely made in Europe and, as you will know if you've been following our recent updates, has been tested and used by the European Space Agency (ESA).
Hence, what you are getting when purchasing SKUDO Kryptor is a solid, well-tested, easy-to-use, plug-and-play module that takes advantage of our verifiable HSM soft-core - an entire Hardware Security Module, with the ability to perform various encryption functions, within a single FPGA chip.
Designed with encryption in mind and built around a single, compact Intel/Altera MAX10 FPGA chip, Kryptor is a professional FPGA development board capable of offering all the functionality of a dedicated Hardware Security Module (HSM) when running our custom soft-core. Combined with that verifiable HSM soft-core, Kryptor brings an easy-to-use, plug-and-play encryption solution to the IoT-developer and maker communities.
https://www.crowdsupply.com/skudo/kryptor-fpga
#kryptor #fpga #encryption
Apple files appeal notice in copyright lawsuit against cybersecurity firm
(Reuters) - Apple Inc (AAPL.O) on Tuesday filed a notice of appeal in a copyright case it brought against cybersecurity firm Corellium LLC in 2019.
Corellium sells tools to allow security researchers access to a "virtual" software-based version of the iPhone. In its suit, Apple alleged Corellium violated copyrights to its iOS operating system.
A judge in the U.S. District Court for the Southern District of Florida dismissed many of Apple's claims in a summary judgment last year.
https://www.reuters.com/legal/transactional/apple-files-appeal-notice-copyright-lawsuit-against-cybersecurity-firm-2021-08-17/
#apple #appeal #copyright #lawsuite #corellium
Reuters
Apple appeals against security research firm while touting researchers
Apple Inc (AAPL.O) on Tuesday appealed a copyright case it lost against security startup Corellium, which helps researchers examine programs like Apple's planned new method for detecting child sex abuse images.
BlackBerry resisted announcing major flaw in software powering cars, hospital equipment
The former smartphone maker turned software firm resisted announcing a major vulnerability until after federal officials stepped in.
A flaw in software made by BlackBerry has left two hundred million cars, along with critical hospital and factory equipment, vulnerable to hackers - and the company opted to keep it secret for months.
On Tuesday, BlackBerry announced that old but still widely used versions of one of its flagship products, an operating system called QNX, contain a vulnerability that could let hackers cripple devices that use it. But other companies affected by the same flaw, dubbed BadAlloc, went public with that news in May.
Two people familiar with discussions between BlackBerry and federal cybersecurity officials, including one government employee, say the company initially denied that BadAlloc impacted its products at all and later resisted making a public announcement, even though it couldn't identify all of the customers using the software.
The back-and-forth between BlackBerry and the government highlights a major difficulty in fending off cyberattacks on increasingly internet-connected devices ranging from robotic vacuum cleaners to wastewater-plant management systems. When companies such as BlackBerry sell their software to equipment manufacturers, they rarely provide detailed records of the code that goes into the software - leaving hardware makers, their customers and the government in the dark about where the biggest risks lie.
https://www.politico.com/news/2021/08/17/blackberry-qnx-vulnerability-hackers-505649
#vulnerability #blackberry
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency ("CISA") that affects millions of IoT devices that use the ThroughTek "Kalay" network. This vulnerability, discovered by researchers on Mandiant's Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.
At the time of writing this blog post, ThroughTek advertises having more than 83 million active devices and over 1.1 billion monthly connections on their platform. ThroughTek's clients include IoT camera manufacturers, smart baby monitors, and Digital Video Recorder ("DVR") products. Unlike the vulnerability published by researchers from Nozomi Networks in May 2021 (also in coordination with CISA), this latest vulnerability allows attackers to communicate with devices remotely. As a result, further attacks could include actions that would allow an adversary to remotely control affected devices and could potentially lead to remote code execution.
The Kalay protocol is implemented as a Software Development Kit ("SDK") which is built into client software (e.g. a mobile or desktop application) and networked IoT devices, such as smart cameras. Due to how the Kalay protocol is integrated by original equipment manufacturers ("OEMs") and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by the discovered vulnerability.
This vulnerability has been assigned a CVSS3.1 base score of 9.6 and is tracked as CVE-2021-28372 and FEYE-2021-0020. This blog post discusses the Kalay network and CVE-2021-28372 at a high level. It also includes recommendations from ThroughTek and Mandiant, along with mitigation options.
Mandiant would like to thank both CISA and ThroughTek for their coordination and support in releasing this advisory.
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
#iot #vulnerability #mandiant
Tech Pioneer to Madman - The Bizarre Life of John McAfee
Strap in for a wild ride! ....
https://www.youtube.com/watch?v=tteBgBngES8
#McAfee #video
DNB warning against Binance
The Dutch Central Bank (DNB) announces that Binance* is offering crypto services in the Netherlands without a legally required registration with DNB. This means that Binance is acting in violation of the Prevention of Money Laundering and Terrorist Financing Act (Wwft) and is illegally: (1) offering services for exchanging between virtual currencies and fiat currencies, and (2) offering custody wallets.
Customers may be at increased risk of being involved in money laundering or terrorist financing as a result.
https://www.dnb.nl/actueel/algemeen-nieuws/nieuwsberichten-2021/waarschuwing-van-dnb-tegen-binance/
#binance #netherlands #dnb #warning
www.dnb.nl, 18 August 2021
"Beijing sees TikTok as an extension of the party"
The Chinese government is taking a stake in tech giant ByteDance, which owns TikTok. U.S. politicians now fear that China is slowly but surely seizing control of the video app.
The deal was struck in secret. Not a word leaked to the public. Four months ago, the Chinese government took a stake in a subsidiary of Beijing tech giant ByteDance. The government acquired a one percent stake and was given a seat on the supervisory board. Only now has the deal become public - and it immediately caused unrest, especially in the US.
That's because ByteDance also owns the video app TikTok, which is now downloaded more often in America than Instagram, WhatsApp and Facebook. So is China expanding its influence in the country with which it was until recently engaged in a bitter trade war?
At first glance, it all seems to concern only China itself. The subsidiary in which the state took a stake holds the licenses to operate Douyin, the Chinese version of TikTok, and Toutiao, a news portal. Both services are available only in the People's Republic. But for many Americans, the deal confirms a long-held concern: that Beijing is slowly, step by step, taking over ByteDance - and thus also seizing control of TikTok.
https://www.welt.de/wirtschaft/article233227629/Peking-sieht-TikTok-als-eine-Erweiterung-der-Partei.html
#china #beijing #tiktok #ByteDance
99: The Spy
Darknet Diaries - EP 99: The Spy
Igor works as a private investigator in NYC. He's often sitting in cars keeping a distant eye on someone with binoculars. Or following someone through the busy streets of New York. In this episode we hear about a time when Igor was on a case but sensed that something wasn't right.
https://darknetdiaries.com/episode/99/
#truecrime #darknetdiaries #podcast
OnlyFans to block sexually explicit videos starting in October
OnlyFans is getting out of the pornography business.
The company will prohibit users from posting any sexually explicit conduct, starting in October. Creators will still be allowed to post nude photos and videos, provided they're consistent with OnlyFans' policy, the company said Thursday.
The changes are needed because of mounting pressure from banking partners and payment providers, according to the company.
"In order to ensure the long-term sustainability of our platform, and the continue to host an inclusive community of creators and fans, we must evolve our content guidelines," OnlyFans said.
OnlyFans has attracted more than 130 million users by giving online creators a platform to charge their fans for photos and videos. Many of its most-popular creators post nude photos and videos, and it has been praised for giving sex workers a safer place to do their jobs.
But sex work still has a stigma. And OnlyFans is trying to raise money from outside investors at a valuation of more than US$1 billion. The company handled more than $2 billion in sales last year, and is on pace to more than double that this year. It keeps 20 per cent of that figure.
https://www.bnnbloomberg.ca/onlyfans-to-block-sexually-explicit-videos-starting-in-october-1.1642066
#onlyfans
FTC requests Facebook sell WhatsApp and Instagram in major antitrust case
The US Federal Trade Commission has re-filed its complaint against Facebook, arguing that the company should be broken up and forced to sell Instagram and WhatsApp.
The revised complaint argues that Facebook has a monopoly over social networking in the US and argues that Facebook has looked to make it difficult for other companies to compete.
The complaint is partly redacted, and the FTC's filing asks that it is sealed for 10 days.
The new case comes amid mounting scrutiny over the size and power of Facebook's empire, and the way that it has bought up competitors as they have grown.
The case makes reference to an email from Mark Zuckerberg, sent in 2008, in which he said "it is better to buy than compete". The FTC's lawyers argue that Facebook has acted in accordance with that strategy, tracking its rivals and buying them when they become big enough to be threats.
https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-ftc-whatsapp-instagram-antitrust-b1905429.html
#ftc #facebook #whatsapp #instagram #antitrust
More than $90 million in cryptocurrency stolen after a top Japanese exchange is hacked
Japanese cryptocurrency exchange Liquid said Thursday it has been hit by a cyberattack that saw hackers make off with a reported $97 million worth of digital coins.
Liquid said some of its digital currency wallets had been "compromised," and that hackers were transferring the assets to four different wallets.
"We are currently investigating and will provide regular updates," Liquid tweeted. "In the meantime deposits and withdrawals will be suspended."
Liquid did not provide an estimate for the loss. It says it is regulated by Japan's Financial Services Agency. The watchdog was not immediately available for comment when contacted by CNBC.
Elliptic, a blockchain analytics company, said its analysis showed that about $97 million in cryptocurrencies have been obtained by the hackers.
Of the total haul, $45 million in tokens were being converted to ethereum through decentralized exchanges - blockchain-based platforms that require no intermediaries - like Uniswap and SushiSwap, Elliptic said.
"This enables the hacker to avoid having these assets frozen - as is possible with many Ethereum tokens," Elliptic said in a blog post.
Liquid ranks among the top 20 crypto exchanges globally by daily trading volumes, processing more than $133 million of transactions in the last 24 hours, according to CoinMarketCap data.
https://www.cnbc.com/2021/08/19/liquid-cryptocurrency-exchange-hack.html
#liquid #cryptocurrency #exchange #hack #cyberattack
Lake County commissioners order takedown of secret surveillance cameras
Flock Safety installed about 100 cameras in new pilot program to fight crime
Surveillance cameras are being taken down across Lake County after commissioners say they didn't know about them in the first place.
According to the Lake County Sheriff's Office, surveillance cameras were installed around the county in July under a new pilot program to help fight crime, but county commissioners said the cameras have to go.
https://www.clickorlando.com/news/local/2021/08/12/shocking-violation-of-procedure-lake-county-commissioners-order-takedown-of-traffic-surveillance-cameras/
#usa #traffic #surveillance #cameras #video
AT&T denies data breach after hacker auctions 70 million user database
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.
From the samples shared by the threat actor, the database contains customers' names, addresses, phone numbers, Social Security numbers, and dates of birth.
A security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples were confirmed to have accounts on att.com.
Other than these few details, not much is known about the database, how it was acquired, and whether it is authentic.
However, ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. These credentials are then used to steal databases, which they sell directly to other threat actors or through a middleman data breach seller.
In many cases, when a database is not sold, ShinyHunters will release it for free on hacker forums.
In the past, ShinyHunters has breached numerous companies, including Wattpad, Tokopedia, Microsoft's GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many more.
https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/
#breach #atandt #ShinyHunters
A Facebook hacker beat my 2FA, bricked my Oculus Quest, and hit the company credit card
If you haven't been following the action on Twitter, you may or may not have noticed I vanished from Facebook and Instagram. That was just the beginning. In this post I'll run you through the timeline, share what I've pieced together, and post updates as they unfold. Let me encourage you to follow @CodeWritePlay or @Mechatodzilla on Twitter where I'll alert you when those updates occur.
The timeline
8/19, shortly before 3:30 AM - While I slept like I was dead after staying up too late watching Hulu, my Facebook account was disabled for violating community guidelines.....
https://codewriteplay.com/2021/08/20/a-facebook-hacker-beat-my-2fa-bricked-my-oculus-quest-and-hit-the-company-credit-card/
#codewriteplay #hacker #facebook
GNU Privacy Assistant: PGP (Part I)
We generate our first OpenPGP keys and encrypt text using a wonderful GUI tool: GNU Privacy Assistant (on Linux). We describe the public/private key exchange and encryption/decryption process, and create our first encrypted text message. We also briefly talk about potential issues with all-in-one encryption + communication programs and how PGP can help solve them.
The benefits of a compartmentalized, offline encryption setup are discussed as we learn to generate a key and encrypt a message in GNU Privacy Assistant.
I think you will enjoy the all in one nature of this setup.
https://devtube.dev-wiki.de/videos/watch/4d106a61-a850-4d42-b2ff-34f14b6b16cd
#pgp #encryption #gnu #PrivacyAssistant #linux #tool #video #guide
Jumpskip - Watch movies on Netflix without the jumpscares
Jumpskip is a Chrome Extension for Netflix that helps you watch movies without being scared by jumpscares. Skip, mute, get a warning when jumpscares are about to happen, view all the jumpscare timestamps, and much more.
https://chrome.google.com/webstore/detail/jumpskip-skip-jumpscares/fbemiaecodgpghdfegmdcikjkobdghab
https://github.com/alyssaxuu/jumpskip
#jumpskip #netflix #chrome #extension
Office 365 audit logging
It's important to enable audit logging for O365 even if you are not actively monitoring the logs. At least if you get hacked there's logging to investigate :). The audit log is not always enabled by default; it seems to depend on license level. However, there are some important things to take into consideration.
You can enable the unified audit log and be done, but there are some things to take into consideration, especially when it comes to mailbox operations and logging. Office 365 audit logging can be tricky to manage, and there are some things you need to be wary of when relying on it. Essentially, we need to make sure the Unified Audit Log is enabled and the mailbox audit settings are set correctly.
https://nitter.pussthecat.org/rikvduijn/status/1428628157456949253#m
https://zolder.io/office-365-audit-logging/
#office #audit #logging
The use of TLS in Censorship Circumvention
https://tlsfingerprint.io/
https://tlsfingerprint.io/static/frolov2019.pdf
#tls #fingerprint #censorship #circumvention #pdf
Apple Exec: "We Are The Greatest Platform For Distributing Child Porn"
Apple fraud executive Eric Friedman told colleague Herve Sibert that Apple is the greatest platform for distributing child pornography. The comment sheds light on why Apple is now pursuing a controversial program and automating checks for child porn on customers' phones and in their messages.
According to a rather thin LinkedIn profile, Eric Friedman is a senior engineering manager at Apple. Security websites, however, list his actual role as "head of Apple's Fraud Engineering Algorithms and Risk unit," also known as FEAR. Sibert is Apple's security and fraud engineering manager, according to his LinkedIn profile.
Friedman made the claim in a February 2020 text message conversation revealed in discovery for the Apple-Epic trial over whether Apple can demand app developers use its payment services, among other things. The Verge has published an extensive list of the most interesting reveals from court discovery.
Friedman was messaging using Apple's iMessage platform, which is end-to-end encrypted for privacy. That privacy, however, works for both positive and negative uses.
https://www.forbes.com/sites/johnkoetsier/2021/08/19/apple-exec-we-are-the-greatest-platform-for-distributing-child-porn/
#usa #apple #iphones #childabuse #surveillance
Apple and Google ordered by Russia's media authority to take down the app of Vladimir Putin's biggest opponent
Russia's media authority Roskomnadzor has ordered Apple and Alphabet, Google's parent company, to take the app of the biggest opponent of Russian President Vladimir Putin off of their platforms, according to a report.
Roskomnadzor said the app dedicated to publishing stories about Alexei Navalny should be taken off of Google and Apple's app stores because Russian courts have labeled Navalny's anti-corruption foundation as extremist, the Russian news agency Interfax reported on Friday.
Neither Apple nor Alphabet was immediately available for comment Saturday about the request.
The development marks the latest attempt by the Russian government to silence Navalny. Navalny is currently in a Russian prison after returning to the country from Germany, where he recovered from being poisoned with the Soviet-era nerve agent Novichok during a flight within Russia last August. The Russian government says he is guilty of embezzlement.
Putin and the Russian government's treatment of Navalny continues to draw criticism from abroad. During a Friday meeting with Putin, German Chancellor Angela Merkel called Navalny's imprisonment unacceptable and called for his release.
The team of US President Joe Biden has warned Russia of "consequences" if Navalny dies while in custody.
https://www.businessinsider.com/russia-media-authority-orders-apple-google-take-down-navalny-app-2021-8
#usa #russia #putin #biden #navalny #roskomnadzor #apple #google #appstore #takedown